From: Joseph I. <jos...@us...> - 2006-12-22 06:50:05
|
Update of /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24312/src/test/org/tolven/security/bean Added Files: SecurityTestSuite.java Log Message: Added a security testsuite to run testcases more conveniently --- NEW FILE: SecurityTestSuite.java --- package test.org.tolven.security.bean; import junit.framework.Test; import junit.framework.TestSuite; public class SecurityTestSuite { public static Test suite() { TestSuite suite = new TestSuite("Test for test.org.tolven.security.bean"); //$JUnit-BEGIN$ suite.addTestSuite(UserPrivateKeyTestCase.class); suite.addTestSuite(AccountSecretKeyTestCase.class); suite.addTestSuite(TolvenPublicKeyTestCase.class); suite.addTestSuite(AccountPrivateKeyTestCase.class); suite.addTestSuite(DocumentSecretKeyTestCase.class); //$JUnit-END$ return suite; } } |
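Review bot: SecurityTestSuite has no class Javadoc, and the `//$JUnit-BEGIN$` / `//$JUnit-END$` markers are the only hint that the list of test cases is tool-maintained. A one-line comment such as `/** Runs the key-management test cases of this package (user, account, document and public keys) as one JUnit suite; regenerate or extend the list when a test case is added. */` above the class would say what the suite covers and how it is kept current.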
From: Joseph I. <jos...@us...> - 2006-12-22 06:40:33
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv20711/src/org/tolven/web Modified Files: TopAction.java Log Message: Encapsulated the creation of UserPrivateKey away from TopAction into TolvenUser. Tidied up exception handling. Index: TopAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/TopAction.java,v retrieving revision 1.23 retrieving revision 1.24 diff -C2 -d -r1.23 -r1.24 *** TopAction.java 22 Dec 2006 05:26:46 -0000 1.23 --- TopAction.java 22 Dec 2006 06:40:31 -0000 1.24 *************** *** 15,18 **** --- 15,19 ---- import java.io.IOException; + import java.security.GeneralSecurityException; import java.security.PublicKey; import java.util.Collection; *************** *** 30,33 **** --- 31,35 ---- import javax.security.auth.Subject; import javax.security.jacc.PolicyContext; + import javax.security.jacc.PolicyContextException; import javax.servlet.http.HttpSession; *************** *** 185,189 **** return dispatchingLogout("missingUserObject"); } ! if (!getUser().hasUserPrivateKey() && System.getProperty("tolven.security.keys.activate") != null) createUserPrivateKey(); accountUserId = getRequestParameterAsLong( "accountUserId" ); // Otherwise, we dispatch based on the defaultAccount or the one the user selected. --- 187,191 ---- return dispatchingLogout("missingUserObject"); } ! if (!getUser().hasUserPrivateKey() && System.getProperty("tolven.security.keys.activate") != null) initUserPrivateKey(); accountUserId = getRequestParameterAsLong( "accountUserId" ); // Otherwise, we dispatch based on the defaultAccount or the one the user selected. *************** *** 233,256 **** } ! private void createUserPrivateKey() { ! try { ! Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) ! 
throw new RuntimeException(getClass() + ": No Subject found in PolicyContext"); ! PasswordCredential passwordCredential = null; ! for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! // TOOD: Assume one and only PrivateCredential for the ! // current logged in user ! passwordCredential = (PasswordCredential) iter.next(); ! } ! UserPrivateKey privateKey = UserPrivateKey.getInstance(); ! PublicKey publicKey = privateKey.init(passwordCredential.getPassword()); ! getUser().setUserPrivateKey(privateKey); ! getUser().setPublicKey(publicKey); ! } catch (Exception ex) { ! // TODO: Do nothing but note the fact during development of ! // encryption keys ! System.out.println(getClass() + ": Debug info: Problem while creating UserPrivateKey - " + ex.getMessage()); } } --- 235,256 ---- } ! /** ! * Initialize the user's PrivateKey, using the PasswordCredential retrieved from the Subject in the PolicyContext ! * @throws PolicyContextException ! * @throws GeneralSecurityException ! * @throws IOException ! */ ! private void initUserPrivateKey() throws PolicyContextException, GeneralSecurityException, IOException { ! Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) ! throw new IllegalStateException("No Subject found in PolicyContext"); ! PasswordCredential passwordCredential = null; ! for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! // TODO: Assume only one PrivateCredential for the current logged in user ! passwordCredential = (PasswordCredential) iter.next(); } + if (passwordCredential == null) + throw new IllegalStateException("No PasswordCredential found in Subject"); + getUser().initUserPrivateKey(passwordCredential.getPassword()); } |
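Review bot: The credential loop in the new initUserPrivateKey still casts every private credential to PasswordCredential and keeps whichever comes last, so a Subject holding any other private credential type fails with a ClassCastException that none of the three newly declared exceptions covers, and with several PasswordCredentials the choice is arbitrary. `java.util.Set<PasswordCredential> creds = subject.getPrivateCredentials(PasswordCredential.class);` followed by `if (creds.isEmpty()) throw new IllegalStateException("No PasswordCredential found in Subject");` and `PasswordCredential passwordCredential = creds.iterator().next();` removes the cast and makes the "exactly one" assumption in the TODO checkable. The same loop appears in AccountDAOBean.unlockUserPrivateKey in the next commit on this page, and in the superseded TopAction r1.23 and ActivationBean r1.24 bodies further down. The call site at line 189 of the earlier hunk now invokes a method declaring PolicyContextException, GeneralSecurityException and IOException; the enclosing method starts outside the hunk, so whether they are declared or caught there cannot be seen here.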
From: Joseph I. <jos...@us...> - 2006-12-22 06:40:30
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv20675/src/org/tolven/core/bean Modified Files: AccountDAOBean.java Log Message: Encapsulated the creation of UserPrivateKey away from TopAction into TolvenUser. Tidied up exception handling. Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** AccountDAOBean.java 22 Dec 2006 05:26:42 -0000 1.12 --- AccountDAOBean.java 22 Dec 2006 06:40:25 -0000 1.13 *************** *** 14,17 **** --- 14,19 ---- package org.tolven.core.bean; + import java.io.IOException; + import java.security.GeneralSecurityException; import java.security.PublicKey; import java.util.ArrayList; *************** *** 30,33 **** --- 32,37 ---- import javax.security.auth.Subject; import javax.security.jacc.PolicyContext; + import javax.security.jacc.PolicyContextException; + import org.jboss.annotation.security.SecurityDomain; import org.tolven.core.AccountDAOLocal; *************** *** 158,162 **** * @param accountPermission boolean indicating if this user has account administration permission */ ! public AccountUser inviteAccountUser(Account account, TolvenUser user, Date now, boolean accountPermission) { if (System.getProperty("tolven.security.keys.activate") != null) { try { --- 162,166 ---- * @param accountPermission boolean indicating if this user has account administration permission */ ! public AccountUser inviteAccountUser(Account account, TolvenUser user, Date now, boolean accountPermission) { if (System.getProperty("tolven.security.keys.activate") != null) { try { *************** *** 184,188 **** } catch (Exception ex) { //TODO: consider declaring exceptions in the method declaration ! 
throw new RuntimeException(getClass() + ": Debug info: Problem adding Account Key to Invitation - " + ex.getMessage()); } } else { --- 188,192 ---- } catch (Exception ex) { //TODO: consider declaring exceptions in the method declaration ! throw new RuntimeException(getClass() + ": Debug info: Problem with inviteAccountUser - " + ex.getMessage()); } } else { *************** *** 191,209 **** } ! private void unlockUserPrivateKey(TolvenUser loggedInUser) { ! try { ! Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) ! throw new RuntimeException(getClass() + ": No Subject found in PolicyContext"); ! PasswordCredential passwordCredential = null; ! for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! // TOOD: Assume one and only PrivateCredential for the current logged in user ! passwordCredential = (PasswordCredential) iter.next(); ! } ! loggedInUser.getUserPrivateKey().unlockPrivateKey(passwordCredential.getPassword()); ! } catch (Exception ex) { ! // TODO: Do nothing but note the fact during development of encryption keys ! System.out.println(getClass() + ": Debug info: Problem while setting UserPrivateKey - " + ex.getMessage()); } } --- 195,217 ---- } ! /** ! * Unlock the PrivateKey of the TolvenUser currently logged in, using the PasswordCredential retrieved from the Subject in the PolicyContext ! * @param loggedInUser ! * @throws PolicyContextException ! * @throws GeneralSecurityException ! * @throws IOException ! */ ! private void unlockUserPrivateKey(TolvenUser loggedInUser) throws PolicyContextException, GeneralSecurityException, IOException { ! Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) ! throw new IllegalStateException("No Subject found in PolicyContext"); ! PasswordCredential passwordCredential = null; ! 
for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! // TOOD: Assume one and only PrivateCredential for the current logged in user ! passwordCredential = (PasswordCredential) iter.next(); } + if (passwordCredential == null) + throw new IllegalStateException("No PasswordCredential found in Subject"); + loggedInUser.getUserPrivateKey().unlockPrivateKey(passwordCredential.getPassword()); } |
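Review bot: The rewritten catch in inviteAccountUser still builds the RuntimeException from ex.getMessage() alone, so whatever was thrown inside the try — including the IllegalStateException the new unlockUserPrivateKey raises when no Subject or PasswordCredential is present — is discarded together with its stack trace; only the message text changed. Passing the cause keeps it: `throw new RuntimeException(getClass() + ": Problem with inviteAccountUser", ex);`. Since the TODO on the same lines already considers declaring the exceptions, the cleaner fix is to let the three checked exceptions added to unlockUserPrivateKey propagate and declare them on inviteAccountUser. The try block of inviteAccountUser begins outside this hunk.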
From: Joseph I. <jos...@us...> - 2006-12-22 06:40:30
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv20675/src/org/tolven/core/entity Modified Files: TolvenUser.java Account.java Log Message: Encapsulated the creation of UserPrivateKey away from TopAction into TolvenUser. Tidied up exception handling. Index: Account.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity/Account.java,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** Account.java 9 Dec 2006 11:16:23 -0000 1.12 --- Account.java 22 Dec 2006 06:40:25 -0000 1.13 *************** *** 209,213 **** public PublicKey getPublicKey() throws GeneralSecurityException { ! return tolvenPublicKey.getPublicKey(); } --- 209,213 ---- public PublicKey getPublicKey() throws GeneralSecurityException { ! return tolvenPublicKey == null ? null : tolvenPublicKey.getPublicKey(); } Index: TolvenUser.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity/TolvenUser.java,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** TolvenUser.java 8 Dec 2006 07:21:52 -0000 1.12 --- TolvenUser.java 22 Dec 2006 06:40:25 -0000 1.13 *************** *** 14,17 **** --- 14,18 ---- package org.tolven.core.entity; + import java.io.IOException; import java.io.Serializable; import java.util.Date; *************** *** 227,231 **** public PublicKey getPublicKey() throws GeneralSecurityException { ! return tolvenPublicKey.getPublicKey(); } --- 228,232 ---- public PublicKey getPublicKey() throws GeneralSecurityException { ! return tolvenPublicKey == null ? null : tolvenPublicKey.getPublicKey(); } *************** *** 235,240 **** } ! ! } --- 236,247 ---- } ! public void initUserPrivateKey(char[] password) throws GeneralSecurityException, IOException { ! if (getUserPrivateKey() != null || getPublicKey() != null) ! 
throw new IllegalStateException("User already has public/private keys"); ! UserPrivateKey privateKey = UserPrivateKey.getInstance(); ! PublicKey publicKey = privateKey.init(password); ! setUserPrivateKey(privateKey); ! setPublicKey(publicKey); ! } } |
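Review bot: TolvenUser.initUserPrivateKey has no Javadoc, unlike the TopAction and AccountDAOBean helpers in the companion commits, so its precondition is visible only in the exception text; a summary such as `/** Creates this user's UserPrivateKey from {@code password} and stores the resulting key pair on the entity. */` with `@throws IllegalStateException if the user already has a private or public key` would state the contract. The guard `getUserPrivateKey() != null || getPublicKey() != null` depends on the other change in this commit, where both getPublicKey methods now return null instead of failing on a missing tolvenPublicKey; that null also flows into callers such as the user.getPublicKey() argument in AccountDAOBean.inviteAccountUser, so `@return the public key, or {@code null} if none has been assigned` belongs on both getPublicKey methods. Whether the caller is expected to clear {@code password} after the call is not visible here and would be worth stating in the Javadoc once decided.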
From: Joseph I. <jos...@us...> - 2006-12-22 05:26:51
|
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv23347/src/org/tolven/web Modified Files: TopAction.java Log Message: Removed ActivationBean from the tolvenLDAP SecurityDomain and put AccountDAOBean there instead. Run the Ajax Servlet with a generalized role ('*') to match the generalized role defined by the web.xml (seems superfluous conceptually, as though it should inherit the behavior, but it has to be explicitly defined or nothing works as expected). Index: TopAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/TopAction.java,v retrieving revision 1.22 retrieving revision 1.23 diff -C2 -d -r1.22 -r1.23 *** TopAction.java 3 Dec 2006 02:33:08 -0000 1.22 --- TopAction.java 22 Dec 2006 05:26:46 -0000 1.23 *************** *** 15,18 **** --- 15,19 ---- import java.io.IOException; + import java.security.PublicKey; import java.util.Collection; import java.util.LinkedList; *************** *** 26,29 **** --- 27,33 ---- import javax.naming.InitialContext; import javax.naming.NamingException; + import javax.resource.spi.security.PasswordCredential; + import javax.security.auth.Subject; + import javax.security.jacc.PolicyContext; import javax.servlet.http.HttpSession; *************** *** 38,41 **** --- 42,46 ---- import org.tolven.security.TolvenPerson; import org.tolven.security.bean.LDAPLocal; + import org.tolven.security.bean.UserPrivateKey; /** *************** *** 173,177 **** invitationBean.executeInvitation( getInvitationId(), getNow()); } - // If user still not logged in, send them packing, we've got a problem if (getUser()==null) { --- 178,181 ---- *************** *** 181,185 **** return dispatchingLogout("missingUserObject"); } ! accountUserId = getRequestParameterAsLong( "accountUserId" ); // Otherwise, we dispatch based on the defaultAccount or the one the user selected. 
--- 185,189 ---- return dispatchingLogout("missingUserObject"); } ! if (!getUser().hasUserPrivateKey() && System.getProperty("tolven.security.keys.activate") != null) createUserPrivateKey(); accountUserId = getRequestParameterAsLong( "accountUserId" ); // Otherwise, we dispatch based on the defaultAccount or the one the user selected. *************** *** 229,232 **** --- 233,258 ---- } + private void createUserPrivateKey() { + try { + Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); + if (subject == null) + throw new RuntimeException(getClass() + ": No Subject found in PolicyContext"); + PasswordCredential passwordCredential = null; + for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { + // TOOD: Assume one and only PrivateCredential for the + // current logged in user + passwordCredential = (PasswordCredential) iter.next(); + } + UserPrivateKey privateKey = UserPrivateKey.getInstance(); + PublicKey publicKey = privateKey.init(passwordCredential.getPassword()); + getUser().setUserPrivateKey(privateKey); + getUser().setPublicKey(publicKey); + } catch (Exception ex) { + // TODO: Do nothing but note the fact during development of + // encryption keys + System.out.println(getClass() + ": Debug info: Problem while creating UserPrivateKey - " + ex.getMessage()); + } + } + public String logout(){ return dispatchingLogout("loggedOut"); |
From: Joseph I. <jos...@us...> - 2006-12-22 05:26:51
|
Update of /cvsroot/tolven/tolvenWEB/web/WEB-INF In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv23347/web/WEB-INF Modified Files: web.xml Log Message: Removed ActivationBean from the tolvenLDAP SecurityDomain and put AccountDAOBean there instead. Run the Ajax Servlet with a generalized role ('*') to match the generalized role defined by the web.xml (seems superfluous conceptually, as though it should inherit the behavior, but it has to be explicitly defined or nothing works as expected). Index: web.xml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/WEB-INF/web.xml,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** web.xml 17 Dec 2006 01:18:28 -0000 1.10 --- web.xml 22 Dec 2006 05:26:46 -0000 1.11 *************** *** 87,93 **** <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> - <run-as> - <role-name>*</role-name> - </run-as> </servlet> <servlet-mapping> --- 87,90 ---- *************** *** 99,102 **** --- 96,102 ---- <servlet-class>org.tolven.ajax.AjaxServlet</servlet-class> <load-on-startup>5</load-on-startup> + <run-as> + <role-name>*</role-name> + </run-as> </servlet> <servlet-mapping> *************** *** 191,194 **** </form-login-config> </login-config> - </web-app> --- 191,193 ---- |
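Review bot: Moving `<run-as><role-name>*</role-name></run-as>` onto the Ajax servlet means its downstream EJB calls run under a substituted wildcard identity rather than the authenticated caller's, so any method permission in the tolvenLDAP security domain (where the companion commit places AccountDAOBean) would be satisfied regardless of who the caller is, and, if the container applies run-as to EJB calls, the `ejbContext.getCallerPrincipal()` lookup in AccountDAOBean.inviteAccountUser would resolve the run-as identity instead of the logged-in user. As far as I know `*` has a defined meaning only inside `<auth-constraint>`, and a `<run-as>` role-name is expected to match a declared `<security-role>`, so the behaviour here is container-specific — which the commit message's "seems superfluous conceptually" already hints at. If the servlet must be decoupled from the caller, declare a dedicated, minimally privileged role and use that; otherwise dropping `<run-as>` preserves the caller principal the bean relies on.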
From: Joseph I. <jos...@us...> - 2006-12-22 05:26:45
|
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv23338/src/org/tolven/core/bean Modified Files: AccountDAOBean.java ActivationBean.java Log Message: Removed ActivationBean from the tolvenLDAP SecurityDomain and put AccountDAOBean there instead. Run the Ajax Servlet with a generalized role ('*') to match the generalized role defined by the web.xml (seems superfluous conceptually, as though it should inherit the behavior, but it has to be explicitly defined or nothing works as expected). Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** AccountDAOBean.java 9 Dec 2006 11:16:23 -0000 1.11 --- AccountDAOBean.java 22 Dec 2006 05:26:42 -0000 1.12 *************** *** 27,30 **** --- 27,34 ---- import javax.persistence.PersistenceContext; import javax.persistence.Query; + import javax.resource.spi.security.PasswordCredential; + import javax.security.auth.Subject; + import javax.security.jacc.PolicyContext; + import org.jboss.annotation.security.SecurityDomain; import org.tolven.core.AccountDAOLocal; import org.tolven.core.InvitationLocal; *************** *** 38,41 **** --- 42,46 ---- import org.tolven.doc.entity.Invitation; import org.tolven.security.bean.AccountPrivateKey; + import org.tolven.security.bean.UserPrivateKey; *************** *** 47,50 **** --- 52,56 ---- @Stateless() @Local(AccountDAOLocal.class) + @SecurityDomain("tolvenLDAP") public class AccountDAOBean implements org.tolven.core.AccountDAOLocal { @PersistenceContext *************** *** 146,188 **** /** ! * Associate a user with an account by invitation ! * @param account The existing (although possibly very recent) Account object ! * @param user the existing (although possibly very recent) TolvenUser object ! 
* @param now Transactional "now" time ! * @param accountPermission boolean indicating if this user has account administration permission ! */ ! public AccountUser inviteAccountUser(Account account, TolvenUser user, Date now, boolean accountPermission) { if (System.getProperty("tolven.security.keys.activate") != null) { - // TODO: The correct location of the creation of an Invitation is - // still to be determined. It is created here, to simulate that but - // is not persisted - TolvenUser loggedInUser = findUser(ejbContext.getCallerPrincipal().getName()); - // Not sure if this is the most efficient what to find the AccountUser of the logged in user - Set<AccountUser> accountUsers = account.getAccountUsers(); - AccountUser loggedInAccountUser = null; - for (Iterator<AccountUser> iter = accountUsers.iterator(); iter.hasNext();) { - loggedInAccountUser = iter.next(); - if (loggedInAccountUser.getUser().getLdapUID().equals(loggedInUser.getLdapUID())) - break; - } - if (loggedInAccountUser == null) - throw new RuntimeException("No authorization to add users to this account"); - AccountPrivateKey loggedInAccountPrivateKey = loggedInAccountUser.getAccountPrivateKey(); - AccountPrivateKey invitedAccountPrivateKey = AccountPrivateKey.getInstance(); try { invitedAccountPrivateKey.init(loggedInAccountPrivateKey, loggedInUser.getUserPrivateKey(), user.getPublicKey()); } catch (Exception ex) { ! // TODO: Do nothing but note the fact during development of encryption keys ! System.out.println(getClass() + ": Debug info: Problem adding Account Key to Invitation - " + ex.getMessage()); } - Invitation invitation = new Invitation(); - invitation.setStatus(Status.INACTIVE.value()); - invitation.setAccountPrivateKey(invitedAccountPrivateKey); - return addAccountUser(account, user, invitation, now, accountPermission); } else { return addAccountUser(account, user, null, now, accountPermission); } } ! /** * Associate a user with an account --- 152,211 ---- /** ! 
* Associate a user with an account by invitation ! * @param account The existing (although possibly very recent) Account object ! * @param user the existing (although possibly very recent) TolvenUser object ! * @param now Transactional "now" time ! * @param accountPermission boolean indicating if this user has account administration permission ! */ ! public AccountUser inviteAccountUser(Account account, TolvenUser user, Date now, boolean accountPermission) { if (System.getProperty("tolven.security.keys.activate") != null) { try { + // TODO: The correct location of the creation of an Invitation is still to be determined. It is created + // here, to simulate that but is not persisted + TolvenUser loggedInUser = findUser(ejbContext.getCallerPrincipal().getName()); + unlockUserPrivateKey(loggedInUser); + // Not sure if this is the most efficient what to find the AccountUser of the logged in user + Set<AccountUser> accountUsers = account.getAccountUsers(); + AccountUser loggedInAccountUser = null; + for (Iterator<AccountUser> iter = accountUsers.iterator(); iter.hasNext();) { + loggedInAccountUser = iter.next(); + if (loggedInAccountUser.getUser().getLdapUID().equals(loggedInUser.getLdapUID())) + break; + } + if (loggedInAccountUser == null) + throw new RuntimeException("No authorization to add users to this account"); + AccountPrivateKey loggedInAccountPrivateKey = loggedInAccountUser.getAccountPrivateKey(); + AccountPrivateKey invitedAccountPrivateKey = AccountPrivateKey.getInstance(); invitedAccountPrivateKey.init(loggedInAccountPrivateKey, loggedInUser.getUserPrivateKey(), user.getPublicKey()); + Invitation invitation = new Invitation(); + invitation.setStatus(Status.INACTIVE.value()); + invitation.setAccountPrivateKey(invitedAccountPrivateKey); + return addAccountUser(account, user, invitation, now, accountPermission); } catch (Exception ex) { ! //TODO: consider declaring exceptions in the method declaration ! 
throw new RuntimeException(getClass() + ": Debug info: Problem adding Account Key to Invitation - " + ex.getMessage()); } } else { return addAccountUser(account, user, null, now, accountPermission); } } ! ! private void unlockUserPrivateKey(TolvenUser loggedInUser) { ! try { ! Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) ! throw new RuntimeException(getClass() + ": No Subject found in PolicyContext"); ! PasswordCredential passwordCredential = null; ! for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! // TOOD: Assume one and only PrivateCredential for the current logged in user ! passwordCredential = (PasswordCredential) iter.next(); ! } ! loggedInUser.getUserPrivateKey().unlockPrivateKey(passwordCredential.getPassword()); ! } catch (Exception ex) { ! // TODO: Do nothing but note the fact during development of encryption keys ! System.out.println(getClass() + ": Debug info: Problem while setting UserPrivateKey - " + ex.getMessage()); ! } ! } ! 
/** * Associate a user with an account Index: ActivationBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/ActivationBean.java,v retrieving revision 1.24 retrieving revision 1.25 diff -C2 -d -r1.24 -r1.25 *** ActivationBean.java 17 Dec 2006 06:28:01 -0000 1.24 --- ActivationBean.java 22 Dec 2006 05:26:42 -0000 1.25 *************** *** 15,19 **** import java.io.IOException; - import java.security.PublicKey; import java.util.ArrayList; import java.util.Calendar; --- 15,18 ---- *************** *** 34,45 **** import javax.persistence.PersistenceContext; import javax.persistence.Query; - import javax.resource.spi.security.PasswordCredential; - import javax.security.auth.Subject; - import javax.security.jacc.PolicyContext; import javax.xml.bind.JAXBException; import javax.xml.datatype.DatatypeFactory; import javax.xml.datatype.XMLGregorianCalendar; - import org.jboss.annotation.security.SecurityDomain; import org.tolven.admin.ActivateInvitation; import org.tolven.admin.AdministrativeDetail; --- 33,40 ---- *************** *** 60,64 **** import org.tolven.security.TolvenPerson; import org.tolven.security.bean.LDAPLocal; - import org.tolven.security.bean.UserPrivateKey; --- 55,58 ---- *************** *** 73,78 **** //@WebService( name="Activation", serviceName="ActivationService", targetNamespace="http://tolven.org/activation") @Stateless ! @Local(ActivationLocal.class) ! @SecurityDomain("tolvenLDAP") public class ActivationBean implements org.tolven.core.ActivationLocal { --- 67,71 ---- //@WebService( name="Activation", serviceName="ActivationService", targetNamespace="http://tolven.org/activation") @Stateless ! 
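Review bot: The authorization check in the new inviteAccountUser body does not do what its message says: the loop assigns `loggedInAccountUser = iter.next()` before comparing, so when no AccountUser matches the logged-in user's ldapUID the variable is left pointing at the last member iterated, and "No authorization to add users to this account" is only thrown for an account with no users at all; the code then continues with that member's AccountPrivateKey (whether AccountPrivateKey.init would succeed with a mismatched user key cannot be seen here). Assigning only on a match fixes it, as below; the same lines survive unchanged into r1.13 further up the page. Separately, the enclosing `catch (Exception ex)` rewraps that authorization failure as a "Debug info" RuntimeException built from getMessage() only, which hides the cause; pass `ex` as the cause or let the authorization exception escape the try.
```java
// … unchanged: findUser / unlockUserPrivateKey …
AccountUser loggedInAccountUser = null;
for (AccountUser candidate : account.getAccountUsers()) {
    if (candidate.getUser().getLdapUID().equals(loggedInUser.getLdapUID())) {
        loggedInAccountUser = candidate;
        break;
    }
}
if (loggedInAccountUser == null)
    throw new RuntimeException("No authorization to add users to this account");
// … unchanged: AccountPrivateKey setup and Invitation creation …
```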
@Local(ActivationLocal.class) public class ActivationBean implements org.tolven.core.ActivationLocal { *************** *** 271,298 **** // experimental, then developers are free to play by setting System // property tolven.security.keys.activate - if (System.getProperty("tolven.security.keys.activate") != null) { - try { - if (!user.hasUserPrivateKey()) { - UserPrivateKey privateKey = UserPrivateKey.getInstance(); - PublicKey publicKey = privateKey.init(principal.toCharArray()); - user.setUserPrivateKey(privateKey); - user.setPublicKey(publicKey); - } - Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); - if (subject == null) { - throw new RuntimeException(getClass() + ": No Subject found in PolicyContext"); - } else { - for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { - // TOOD: Assume one and only PrivateCredential for the current logged in user - PasswordCredential passwordCredential = (PasswordCredential) iter.next(); - user.getUserPrivateKey().unlockPrivateKey(passwordCredential.getPassword()); - } - } - } catch (Exception ex) { - // TODO: Do nothing but note the fact during development of - // encryption keys - System.out.println(getClass() + ": Debug info: Problem while setting UserPrivateKey - " + ex.getMessage()); - } - } } return user; --- 264,267 ---- |
From: Joseph I. <jos...@us...> - 2006-12-22 04:03:20
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv21986/src/org/tolven/security/bean Modified Files: TolvenEncryptedSecretKey.java TolvenPublicKey.java Log Message: Added the missing MappedSuperclass annotation to TolvenEncryptedSecretKey and ensured that byte[] are stored as Lob. Index: TolvenEncryptedSecretKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean/TolvenEncryptedSecretKey.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** TolvenEncryptedSecretKey.java 4 Dec 2006 06:52:39 -0000 1.3 --- TolvenEncryptedSecretKey.java 22 Dec 2006 04:03:17 -0000 1.4 *************** *** 30,36 **** * */ ! @Embeddable public abstract class TolvenEncryptedSecretKey implements Serializable { @Column(name = "encrypted_secret_key") private byte[] encryptedKey; --- 30,38 ---- * */ ! @MappedSuperclass public abstract class TolvenEncryptedSecretKey implements Serializable { + @Lob + @Basic(fetch = FetchType.LAZY) @Column(name = "encrypted_secret_key") private byte[] encryptedKey; Index: TolvenPublicKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean/TolvenPublicKey.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** TolvenPublicKey.java 6 Dec 2006 06:47:56 -0000 1.3 --- TolvenPublicKey.java 22 Dec 2006 04:03:17 -0000 1.4 *************** *** 32,35 **** --- 32,37 ---- private static final String NOT_INITIALIZED = "TolvenPublicKey not initialized"; + @Lob + @Basic(fetch = FetchType.LAZY) @Column(name = "x509_encoded__key_spec") private byte[] x509EncodedKeySpec; |
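Review bot: `@Basic(fetch = FetchType.LAZY)` on the two byte[] LOB fields (`encryptedKey` here and `x509EncodedKeySpec` in TolvenPublicKey) is only a hint in JPA; a provider may load the LOB eagerly, and Hibernate in particular needs bytecode instrumentation to honour lazy basic attributes, so nothing should depend on the encrypted key material staying out of memory until it is accessed. A short comment on the annotation, e.g. `// LAZY is a JPA hint only; the provider may still fetch the LOB eagerly`, would stop a reader from assuming a guarantee. The hunks also do not show the `Lob`, `Basic`, `FetchType` and `MappedSuperclass` imports, so confirm they were added outside the visible range.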
From: Joseph I. <jos...@us...> - 2006-12-17 07:48:40
Update of /cvsroot/tolven/tolven/jboss-config In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv13836/jboss-config Modified Files: login-config.xml Log Message: Activated the KeyLdapLoginModule (subclass of the current LdapLoginModule) which merely adds PrivateCredentials to the Subject if the Principal validates against LDAP. Index: login-config.xml =================================================================== RCS file: /cvsroot/tolven/tolven/jboss-config/login-config.xml,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** login-config.xml 8 Nov 2006 07:27:42 -0000 1.11 --- login-config.xml 17 Dec 2006 07:48:37 -0000 1.12 *************** *** 67,71 **** <application-policy name="tolvenLDAP"> <authentication> ! <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required"> <module-option name="java.naming.factory.initial"> --- 67,71 ---- <application-policy name="tolvenLDAP"> <authentication> ! <login-module code="org.tolven.security.auth.KeyLdapLoginModule" flag="required"> <module-option name="java.naming.factory.initial"> |
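Review bot: Switching the `tolvenLDAP` policy to `org.tolven.security.auth.KeyLdapLoginModule` means every successful LDAP login now keeps the user's clear-text password in the Subject's private credentials (that is what the module adds, per its own source elsewhere in this series), so the Subject becomes password-bearing state: anything that can reach it through `PolicyContext`, and any session replication that serializes it, sees the password. That exposure is the cost of unlocking private keys server-side and should be stated next to this `<login-module>` entry rather than left implicit, e.g. `<!-- KeyLdapLoginModule retains the authenticated password as a Subject PrivateCredential so user private keys can be unlocked; see that class for when the credential is removed -->`. It is also worth confirming that the credential is actually removed at logout, since the config change alone gives no bound on its lifetime.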
From: Joseph I. <jos...@us...> - 2006-12-17 07:21:34
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv4634/src/org/tolven/security/auth Modified Files: KeyLdapLoginModule.java Log Message: Added the copyright and customary class JavaDoc comments. Index: KeyLdapLoginModule.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth/KeyLdapLoginModule.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** KeyLdapLoginModule.java 17 Dec 2006 02:54:12 -0000 1.1 --- KeyLdapLoginModule.java 17 Dec 2006 07:21:33 -0000 1.2 *************** *** 1,2 **** --- 1,15 ---- + /* + * Copyright (C) 2006 Tolven Inc + * + * This library is free software; you can redistribute it and/or modify it under the terms of + * the GNU Lesser General Public License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; + * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU Lesser General Public License for more details. + * + * Contact: in...@to... + */ package org.tolven.security.auth; *************** *** 6,13 **** --- 19,37 ---- import org.jboss.security.auth.spi.LdapLoginModule; + /** + * This class supplies the Subject with the PrivateCredentials which were used + * to authenticate against LDAP + * + * @author Joseph Isaac + * + */ public class KeyLdapLoginModule extends LdapLoginModule { private transient PasswordCredential passwordCredential; + /** + * If the LdapLoginModule superclass validates the inputPassword as true, + * then create a PasswordCredential and keep it for commit. 
+ */ protected boolean validatePassword(String inputPassword, String expectedPassword) { boolean validated = super.validatePassword(inputPassword, expectedPassword); *************** *** 26,29 **** --- 50,57 ---- } + /** + * If the superclass commits, then place the passwordCredential in the + * Subject PrivateCredentials + */ public boolean commit() throws LoginException { boolean committed = super.commit(); *************** *** 35,38 **** --- 63,70 ---- } + /** + * If the superclass aborts, ensure that the passwordCredential is removed + * from the Subject + */ public boolean abort() throws LoginException { boolean aborted = super.abort(); |
From: Joseph I. <jos...@us...> - 2006-12-17 06:28:03
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv14627/src/org/tolven/core/bean Modified Files: ActivationBean.java Log Message: Use the Subject from the PolicyContext to obtain the PrivateCredential for the logged in user, and use it to unlock the PrivateKey. Index: ActivationBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/ActivationBean.java,v retrieving revision 1.23 retrieving revision 1.24 diff -C2 -d -r1.23 -r1.24 *** ActivationBean.java 17 Dec 2006 01:18:31 -0000 1.23 --- ActivationBean.java 17 Dec 2006 06:28:01 -0000 1.24 *************** *** 34,37 **** --- 34,40 ---- import javax.persistence.PersistenceContext; import javax.persistence.Query; + import javax.resource.spi.security.PasswordCredential; + import javax.security.auth.Subject; + import javax.security.jacc.PolicyContext; import javax.xml.bind.JAXBException; import javax.xml.datatype.DatatypeFactory; *************** *** 276,280 **** user.setPublicKey(publicKey); } ! user.getUserPrivateKey().unlockPrivateKey(principal.toCharArray()); } catch (Exception ex) { // TODO: Do nothing but note the fact during development of --- 279,292 ---- user.setPublicKey(publicKey); } ! Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); ! if (subject == null) { ! throw new RuntimeException(getClass() + ": No Subject found in PolicyContext"); ! } else { ! for (java.util.Iterator iter = subject.getPrivateCredentials().iterator(); iter.hasNext();) { ! // TOOD: Assume one and only PrivateCredential for the current logged in user ! PasswordCredential passwordCredential = (PasswordCredential) iter.next(); ! user.getUserPrivateKey().unlockPrivateKey(passwordCredential.getPassword()); ! } ! } } catch (Exception ex) { // TODO: Do nothing but note the fact during development of |
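Review bot: The `(PasswordCredential) iter.next()` cast assumes every private credential on the Subject is a PasswordCredential; any other credential type makes the loop throw ClassCastException, and because the new block appears to sit inside the try whose `} catch (Exception ex) {` closes the hunk, that failure, like the `RuntimeException` thrown for a missing Subject, is only noted (per the TODO) and activation proceeds with the key still locked. Filtering by type removes both the cast and the raw-type iterator: `for (PasswordCredential passwordCredential : subject.getPrivateCredentials(PasswordCredential.class)) {` / `user.getUserPrivateKey().unlockPrivateKey(passwordCredential.getPassword());` / `}`. The "assume one and only" TOOD (sic) should become an explicit check that exactly one credential was found, with a failure that reaches the caller instead of the catch-all. The enclosing method begins and ends outside the hunk.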
From: Joseph I. <jos...@us...> - 2006-12-17 02:54:16
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24663/src/org/tolven/security/auth Added Files: KeyLdapLoginModule.java Log Message: Added a subclass of JBoss' LdapLoginModule, which adds the user's private credentials to the Subject. This class is not yet activated. --- NEW FILE: KeyLdapLoginModule.java --- package org.tolven.security.auth; import javax.resource.spi.security.PasswordCredential; import java.security.Principal; import javax.security.auth.login.LoginException; import org.jboss.security.auth.spi.LdapLoginModule; public class KeyLdapLoginModule extends LdapLoginModule { private transient PasswordCredential passwordCredential; protected boolean validatePassword(String inputPassword, String expectedPassword) { boolean validated = super.validatePassword(inputPassword, expectedPassword); if (validated) { log.trace("adding password credentials"); char[] password = null; if (inputPassword != null) password = inputPassword.toCharArray(); Principal identity = getIdentity(); String userName = null; if (identity != null) userName = identity.getName(); passwordCredential = new PasswordCredential(userName, password); } return validated; } public boolean commit() throws LoginException { boolean committed = super.commit(); if (committed) { log.trace("password credentials will be committed"); subject.getPrivateCredentials().add(passwordCredential); } return committed; } public boolean abort() throws LoginException { boolean aborted = super.abort(); if (aborted) { log.trace("password credentials aborted"); subject.getPrivateCredentials().remove(passwordCredential); } passwordCredential = null; return aborted; } } |
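Review bot: Nothing in KeyLdapLoginModule removes the PasswordCredential once login has succeeded: `abort()` cleans up the failure path, but there is no `logout()` override, so the clear-text password that `commit()` adds to `subject.getPrivateCredentials()` stays attached to the Subject for as long as the Subject lives (the superclass logout, as far as I can tell, only removes the principals it added itself). An override that removes the credential and zeroes its char[] bounds that lifetime, as below. Separately, `commit()` adds `passwordCredential` unconditionally; if the superclass committed without `validatePassword` having run (the shared-state `useFirstPass` path, if I read the superclass correctly) the field is still null, so guard the add with `if (passwordCredential != null) subject.getPrivateCredentials().add(passwordCredential);`.
```java
// … unchanged: validatePassword, commit, abort …

/**
 * Remove the PasswordCredential from the Subject on logout and clear the
 * password characters, so the clear-text password does not outlive the session.
 */
public boolean logout() throws LoginException {
    if (passwordCredential != null) {
        subject.getPrivateCredentials().remove(passwordCredential);
        java.util.Arrays.fill(passwordCredential.getPassword(), '\0');
        passwordCredential = null;
    }
    return super.logout();
}
```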
From: Joseph I. <jos...@us...> - 2006-12-17 02:54:16
Update of /cvsroot/tolven/tolvenEJB In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24663 Modified Files: build.xml Log Message: Added a subclass of JBoss' LdapLoginModule, which adds the user's private credentials to the Subject. This class is not yet activated. Index: build.xml =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/build.xml,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** build.xml 2 Oct 2006 05:30:08 -0000 1.11 --- build.xml 17 Dec 2006 02:54:12 -0000 1.12 *************** *** 28,31 **** --- 28,34 ---- <include name="client/*.jar"/> </fileset> + <fileset dir="${deploy.location}"> + <include name="lib/jbosssx.jar"/> + </fileset> <pathelement location="${junit.location}/junit.jar"/> </path> |
From: Joseph I. <jos...@us...> - 2006-12-17 02:54:10
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv24628/src/org/tolven/security/auth Log Message: Directory /cvsroot/tolven/tolvenEJB/src/org/tolven/security/auth added to the repository |
From: Joseph I. <jos...@us...> - 2006-12-17 01:18:34
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17137/src/org/tolven/core/bean Modified Files: ActivationBean.java Log Message: Added AnnotationBean to the tolvenLDAP SecurityDomain, and run the Faces Servlet as principal in order to be able to access the Subject from the Bean. Index: ActivationBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/ActivationBean.java,v retrieving revision 1.22 retrieving revision 1.23 diff -C2 -d -r1.22 -r1.23 *** ActivationBean.java 8 Dec 2006 07:21:52 -0000 1.22 --- ActivationBean.java 17 Dec 2006 01:18:31 -0000 1.23 *************** *** 38,41 **** --- 38,42 ---- import javax.xml.datatype.XMLGregorianCalendar; + import org.jboss.annotation.security.SecurityDomain; import org.tolven.admin.ActivateInvitation; import org.tolven.admin.AdministrativeDetail; *************** *** 58,61 **** --- 59,63 ---- import org.tolven.security.bean.UserPrivateKey; + //import javax.jws.WebService; /** *************** *** 69,72 **** --- 71,75 ---- @Stateless @Local(ActivationLocal.class) + @SecurityDomain("tolvenLDAP") public class ActivationBean implements org.tolven.core.ActivationLocal { |
From: Joseph I. <jos...@us...> - 2006-12-17 01:18:31
Update of /cvsroot/tolven/tolvenWEB/web/WEB-INF In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv17129/web/WEB-INF Modified Files: web.xml Log Message: Added AnnotationBean to the tolvenLDAP SecurityDomain, and run the Faces Servlet as principal in order to be able to access the Subject from the Bean. Index: web.xml =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/web/WEB-INF/web.xml,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** web.xml 18 Sep 2006 16:06:23 -0000 1.9 --- web.xml 17 Dec 2006 01:18:28 -0000 1.10 *************** *** 87,90 **** --- 87,93 ---- <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> <load-on-startup>1</load-on-startup> + <run-as> + <role-name>*</role-name> + </run-as> </servlet> <servlet-mapping> |
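Review bot: `*` is not a valid `run-as` role: the servlet spec requires `<run-as><role-name>` to name a role declared in a `<security-role>` element (the `*` wildcard is defined only for `<auth-constraint>`), so how this entry is interpreted is container-specific. More importantly, `run-as` replaces the caller identity the Faces servlet propagates to EJBs with one fixed identity for every request, so method permissions on the beans can no longer distinguish callers, and whether the container Subject the beans read through `PolicyContext` still reflects the logged-in user under run-as should be verified rather than assumed. A narrowly scoped declared role, plus a comment in web.xml stating why run-as is needed here, would make the trade-off explicit.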
From: Joseph I. <jos...@us...> - 2006-12-09 11:16:28
Update of /cvsroot/tolven/tolvenWEB/src/org/tolven/web In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv1297/src/org/tolven/web Modified Files: RegisterAction.java Log Message: Added functionality to simulate an invitation and handle the transfer of a private account key from one user to the invited user. This code can only be activated by developers at this time, and is still undergoing test and review. Index: RegisterAction.java =================================================================== RCS file: /cvsroot/tolven/tolvenWEB/src/org/tolven/web/RegisterAction.java,v retrieving revision 1.25 retrieving revision 1.26 diff -C2 -d -r1.25 -r1.26 *** RegisterAction.java 3 Dec 2006 02:33:08 -0000 1.25 --- RegisterAction.java 9 Dec 2006 11:16:27 -0000 1.26 *************** *** 608,612 **** return "fail"; } ! AccountUser accountUser = accountBean.addAccountUser(getAccount(), user, getNow(), false ); FacesContext.getCurrentInstance().addMessage( "accountAdmin:uid", new FacesMessage("Demo user " + uid + " added, id: " + accountUser.getUser().getId())); // force a refresh of the list --- 608,612 ---- return "fail"; } ! AccountUser accountUser = accountBean.inviteAccountUser(getAccount(), user, getNow(), false ); FacesContext.getCurrentInstance().addMessage( "accountAdmin:uid", new FacesMessage("Demo user " + uid + " added, id: " + accountUser.getUser().getId())); // force a refresh of the list |
From: Joseph I. <jos...@us...> - 2006-12-09 11:16:27
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv1244/src/org/tolven/core/entity Modified Files: Account.java Log Message: Added functionality to simulate an invitation and handle the transfer of a private account key from one user to the invited user. This code can only be activated by developers at this time, and is still undergoing test and review. Index: Account.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/entity/Account.java,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** Account.java 8 Dec 2006 07:21:52 -0000 1.11 --- Account.java 9 Dec 2006 11:16:23 -0000 1.12 *************** *** 16,19 **** --- 16,20 ---- import java.io.Serializable; import java.util.Set; + import java.security.GeneralSecurityException; import java.security.PublicKey; import javax.persistence.CascadeType; *************** *** 207,219 **** } ! public TolvenPublicKey getTolvenPublicKey() { ! return tolvenPublicKey; } ! public void setPublicKey(TolvenPublicKey aTolvenPublicKey) { ! tolvenPublicKey = aTolvenPublicKey; } ! public boolean hasTolvenPublicKey() { return tolvenPublicKey != null; } --- 208,221 ---- } ! public PublicKey getPublicKey() throws GeneralSecurityException { ! return tolvenPublicKey.getPublicKey(); } ! public void setPublicKey(PublicKey aPublicKey) { ! tolvenPublicKey = TolvenPublicKey.getInstance(); ! tolvenPublicKey.init(aPublicKey); } ! public boolean hasPublicKey() { return tolvenPublicKey != null; } |
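Review bot: `getPublicKey()` dereferences `tolvenPublicKey` unconditionally, while `hasPublicKey()` just below shows the field can be null, so an account without a key fails with a bare NullPointerException instead of a meaningful error; add `if (tolvenPublicKey == null) throw new IllegalStateException("Account has no public key");` before the return. None of the three reworked methods carries Javadoc; `setPublicKey` in particular discards the existing TolvenPublicKey and builds a new one, which callers should be told. The new `java.security.GeneralSecurityException` import is also placed after `java.util.Set` instead of next to the existing `java.security.PublicKey` import.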
From: Joseph I. <jos...@us...> - 2006-12-09 11:16:26
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv1244/src/org/tolven/security/bean Modified Files: AccountPrivateKey.java UserPrivateKey.java Log Message: Added functionality to simulate an invitation and handle the transfer of a private account key from one user to the invited user. This code can only be activated by developers at this time, and is still undergoing test and review. Index: UserPrivateKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean/UserPrivateKey.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** UserPrivateKey.java 6 Dec 2006 06:47:56 -0000 1.5 --- UserPrivateKey.java 9 Dec 2006 11:16:23 -0000 1.6 *************** *** 48,51 **** --- 48,53 ---- private static final String NOT_INITIALIZED = "UserPrivateKey not initialized"; + private static final String KEY_LOCKED = "UserPrivateKey is locked"; + public static final String USER_PRIVATE_KEY_ALGORITHM_PROP = "tolven.security.user.privateKeyAlgorithm"; *************** *** 105,108 **** --- 107,111 ---- /** * Return a randome salt byte[] + * * @return */ *************** *** 159,163 **** /** ! * Decrypt the encrypted Private and unlock it for future access using getPrivateKey() * @param aPassword * @throws GeneralSecurityException --- 162,168 ---- /** ! * Decrypt the encrypted Private and unlock it for future access using ! * getPrivateKey() ! * * @param aPassword * @throws GeneralSecurityException *************** *** 172,179 **** privateKey = keyFactory.generatePrivate(privateKeySpec); } ! /** * Lock UserPrivateKey by removing the decrypted privateKey ! * */ public void lockPrivateKey() { --- 177,184 ---- privateKey = keyFactory.generatePrivate(privateKeySpec); } ! /** * Lock UserPrivateKey by removing the decrypted privateKey ! 
* */ public void lockPrivateKey() { *************** *** 183,194 **** /** * Return the privateKey if it is not locked, otherwise return null * @return */ public PrivateKey getPrivateKey() { return privateKey; } /** ! * Return a PKCS8EncodedKeySpec which can be used to regenerate the PrivateKey * @param aPassword * @return --- 188,204 ---- /** * Return the privateKey if it is not locked, otherwise return null + * * @return */ public PrivateKey getPrivateKey() { + if (privateKey == null) + throw new IllegalStateException(KEY_LOCKED); return privateKey; } /** ! * Return a PKCS8EncodedKeySpec which can be used to regenerate the ! * PrivateKey ! * * @param aPassword * @return Index: AccountPrivateKey.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/security/bean/AccountPrivateKey.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** AccountPrivateKey.java 8 Dec 2006 06:08:08 -0000 1.4 --- AccountPrivateKey.java 9 Dec 2006 11:16:23 -0000 1.5 *************** *** 72,76 **** * @throws IOException */ ! public TolvenPublicKey init(PublicKey anEncryptionKey) throws GeneralSecurityException, IOException { String privateKeyAlgorithm = System.getProperty(ACCOUNT_PRIVATE_KEY_ALGORITHM_PROP); return init(privateKeyAlgorithm, anEncryptionKey); --- 72,76 ---- * @throws IOException */ ! 
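Review bot: `getPrivateKey()` now throws `IllegalStateException(KEY_LOCKED)` when the key is locked, but the Javadoc directly above it still says "otherwise return null", so callers who read the doc will write null checks that never fire and miss the exception. Change the summary to `* Return the privateKey if it is unlocked.` and add `* @throws IllegalStateException if the key is locked (see unlockPrivateKey)`. Since this is a contract change for existing callers, confirm that each of them either unlocks first or handles the exception rather than testing for null.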
public PublicKey init(PublicKey anEncryptionKey) throws GeneralSecurityException, IOException { String privateKeyAlgorithm = System.getProperty(ACCOUNT_PRIVATE_KEY_ALGORITHM_PROP); return init(privateKeyAlgorithm, anEncryptionKey); *************** *** 78,81 **** --- 78,104 ---- /** + * Decrypt the AccountPrivateKey using aDecryptionKey and re-encrypt it + * using anEncryptionKey + * + * @param anAccountPrivateKey + * @param aDecryptionKey + * @param anEncryptionKey + * @param anEncryptionKey + * @return + * @throws GeneralSecurityException + */ + public void init(AccountPrivateKey anAccountPrivateKey, UserPrivateKey aUserPrivateKey, PublicKey anEncryptionKey) throws GeneralSecurityException, IOException { + setKeySize(anAccountPrivateKey.getKeySize()); + PrivateKey privateKey = anAccountPrivateKey.getPrivateKey(aUserPrivateKey.getPrivateKey()); + accountSecretKey = AccountSecretKey.getInstance(); + SecretKey secretKey = accountSecretKey.init(anEncryptionKey); + Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm()); + cipher.init(Cipher.ENCRYPT_MODE, secretKey); + byte[] encryptedPrivateKey = cipher.doFinal(privateKey.getEncoded()); + EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(privateKey.getAlgorithm(), encryptedPrivateKey); + setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo.getEncoded()); + } + + /** * Create a PrivateKey, encrypt it with a randomly generated SecretKey and * encrypt the SecretKey with a PublicKey *************** *** 87,91 **** * @throws GeneralSecurityException */ ! private TolvenPublicKey init(String aPrivateKeyAlgorithm, PublicKey anEncryptionKey) throws GeneralSecurityException, IOException { setKeySize(Integer.parseInt(System.getProperty(ACCOUNT_PRIVATE_KEY_LENGTH_PROP))); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(aPrivateKeyAlgorithm); --- 110,114 ---- * @throws GeneralSecurityException */ ! 
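Review bot: The Javadoc on the new `init(AccountPrivateKey, UserPrivateKey, PublicKey)` does not match its signature: it lists `aDecryptionKey` and `anEncryptionKey` twice, omits `aUserPrivateKey`, and carries an `@return` on a `void` method; the parameter tags should be `anAccountPrivateKey`, `aUserPrivateKey` and `anEncryptionKey`, the `@return` removed, and `@throws IOException` added. `Cipher.getInstance(secretKey.getAlgorithm())` takes mode and padding from provider defaults (for a bare algorithm name SunJCE uses ECB with PKCS5 padding), so the re-encrypted private key depends on which provider is installed; naming the full transformation explicitly, consistently with the decrypt side in `getPrivateKey`, pins it down. The existing private `init` appears to follow the same pattern, so the change belongs in both places.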
private PublicKey init(String aPrivateKeyAlgorithm, PublicKey anEncryptionKey) throws GeneralSecurityException, IOException { setKeySize(Integer.parseInt(System.getProperty(ACCOUNT_PRIVATE_KEY_LENGTH_PROP))); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(aPrivateKeyAlgorithm); *************** *** 99,105 **** EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(aPrivateKeyAlgorithm, encryptedPrivateKey); setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo.getEncoded()); ! TolvenPublicKey tolvenPublicKey = TolvenPublicKey.getInstance(); ! tolvenPublicKey.init(keyPair.getPublic()); ! return tolvenPublicKey; } --- 122,126 ---- EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(aPrivateKeyAlgorithm, encryptedPrivateKey); setEncodedEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo.getEncoded()); ! return keyPair.getPublic(); } |
From: Joseph I. <jos...@us...> - 2006-12-09 11:16:26
Update of /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv1244/src/test/org/tolven/security/bean Modified Files: AccountPrivateKeyTestCase.java AccountSecretKeyTestCase.java DocumentSecretKeyTestCase.java Log Message: Added functionality to simulate an invitation and handle the transfer of a private account key from one user to the invited user. This code can only be activated by developers at this time, and is still undergoing test and review. Index: AccountSecretKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/bean/AccountSecretKeyTestCase.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** AccountSecretKeyTestCase.java 8 Dec 2006 06:08:08 -0000 1.2 --- AccountSecretKeyTestCase.java 9 Dec 2006 11:16:22 -0000 1.3 *************** *** 26,33 **** PrivateKey theUserPrivateKey = userPrivateKey.getPrivateKey(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! TolvenPublicKey theAccountPublicKey = accountPrivateKey.init(theUserPublicKey); PrivateKey theAccountPrivateKey = accountPrivateKey.getPrivateKey(theUserPrivateKey); AccountSecretKey accountSecretKey = AccountSecretKey.getInstance(); ! SecretKey theOriginalSecretKey = accountSecretKey.init(theAccountPublicKey.getPublicKey()); SecretKey requestedSecretKey = accountSecretKey.getSecretKey(theAccountPrivateKey); assertTrue(requestedSecretKey.equals(theOriginalSecretKey)); --- 26,33 ---- PrivateKey theUserPrivateKey = userPrivateKey.getPrivateKey(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey theAccountPublicKey = accountPrivateKey.init(theUserPublicKey); PrivateKey theAccountPrivateKey = accountPrivateKey.getPrivateKey(theUserPrivateKey); AccountSecretKey accountSecretKey = AccountSecretKey.getInstance(); ! 
SecretKey theOriginalSecretKey = accountSecretKey.init(theAccountPublicKey); SecretKey requestedSecretKey = accountSecretKey.getSecretKey(theAccountPrivateKey); assertTrue(requestedSecretKey.equals(theOriginalSecretKey)); *************** *** 51,57 **** PublicKey theUserPublicKey = userPrivateKey.init(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! TolvenPublicKey accountPublicKey = accountPrivateKey.init(theUserPublicKey); AccountSecretKey accountSecretKey = AccountSecretKey.getInstance(); ! SecretKey secretKey = accountSecretKey.init(accountPublicKey.getPublicKey()); assertTrue(secretKey.getAlgorithm().equals(System.getProperty(AccountSecretKey.ACCOUNT_USER_KBE_KEY_ALGORITHM_PROP))); } --- 51,57 ---- PublicKey theUserPublicKey = userPrivateKey.init(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey accountPublicKey = accountPrivateKey.init(theUserPublicKey); AccountSecretKey accountSecretKey = AccountSecretKey.getInstance(); ! SecretKey secretKey = accountSecretKey.init(accountPublicKey); assertTrue(secretKey.getAlgorithm().equals(System.getProperty(AccountSecretKey.ACCOUNT_USER_KBE_KEY_ALGORITHM_PROP))); } Index: DocumentSecretKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/bean/DocumentSecretKeyTestCase.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** DocumentSecretKeyTestCase.java 8 Dec 2006 06:08:08 -0000 1.2 --- DocumentSecretKeyTestCase.java 9 Dec 2006 11:16:22 -0000 1.3 *************** *** 26,33 **** PrivateKey theUserPrivateKey = userPrivateKey.getPrivateKey(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! 
TolvenPublicKey theAccountPublicKey = accountPrivateKey.init(theUserPublicKey); PrivateKey theAccountPrivateKey = accountPrivateKey.getPrivateKey(theUserPrivateKey); DocumentSecretKey accountSecretKey = DocumentSecretKey.getInstance(); ! SecretKey theOriginalSecretKey = accountSecretKey.init(theAccountPublicKey.getPublicKey()); SecretKey requestedSecretKey = accountSecretKey.getSecretKey(theAccountPrivateKey); assertTrue(requestedSecretKey.equals(theOriginalSecretKey)); --- 26,33 ---- PrivateKey theUserPrivateKey = userPrivateKey.getPrivateKey(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey theAccountPublicKey = accountPrivateKey.init(theUserPublicKey); PrivateKey theAccountPrivateKey = accountPrivateKey.getPrivateKey(theUserPrivateKey); DocumentSecretKey accountSecretKey = DocumentSecretKey.getInstance(); ! SecretKey theOriginalSecretKey = accountSecretKey.init(theAccountPublicKey); SecretKey requestedSecretKey = accountSecretKey.getSecretKey(theAccountPrivateKey); assertTrue(requestedSecretKey.equals(theOriginalSecretKey)); *************** *** 35,39 **** /* ! * Test method for 'org.tolven.security.bean.DocumentSecretKey.getInstance()' */ public void testGetInstance() { --- 35,40 ---- /* ! * Test method for ! * 'org.tolven.security.bean.DocumentSecretKey.getInstance()' */ public void testGetInstance() { *************** *** 51,57 **** PublicKey theUserPublicKey = userPrivateKey.init(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! TolvenPublicKey accountPublicKey = accountPrivateKey.init(theUserPublicKey); DocumentSecretKey accountSecretKey = DocumentSecretKey.getInstance(); ! 
SecretKey secretKey = accountSecretKey.init(accountPublicKey.getPublicKey()); assertTrue(secretKey.getAlgorithm().equals(System.getProperty(DocumentSecretKey.DOC_KBE_KEY_ALGORITHM_PROP))); } --- 52,58 ---- PublicKey theUserPublicKey = userPrivateKey.init(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey accountPublicKey = accountPrivateKey.init(theUserPublicKey); DocumentSecretKey accountSecretKey = DocumentSecretKey.getInstance(); ! SecretKey secretKey = accountSecretKey.init(accountPublicKey); assertTrue(secretKey.getAlgorithm().equals(System.getProperty(DocumentSecretKey.DOC_KBE_KEY_ALGORITHM_PROP))); } Index: AccountPrivateKeyTestCase.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/test/org/tolven/security/bean/AccountPrivateKeyTestCase.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** AccountPrivateKeyTestCase.java 8 Dec 2006 06:08:08 -0000 1.3 --- AccountPrivateKeyTestCase.java 9 Dec 2006 11:16:22 -0000 1.4 *************** *** 31,36 **** PublicKey publicKey = userPrivateKey.init(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! TolvenPublicKey accountPublicKey = accountPrivateKey.init(publicKey); ! assertTrue(accountPublicKey.getPublicKey().getAlgorithm().equals(System.getProperty(AccountPrivateKey.ACCOUNT_PRIVATE_KEY_ALGORITHM_PROP))); } --- 31,62 ---- PublicKey publicKey = userPrivateKey.init(password); AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey accountPublicKey = accountPrivateKey.init(publicKey); ! assertTrue(accountPublicKey.getAlgorithm().equals(System.getProperty(AccountPrivateKey.ACCOUNT_PRIVATE_KEY_ALGORITHM_PROP))); ! } ! ! /* ! * Test method for ! * 'org.tolven.security.bean.AccountPrivateKey.init(AccountPrivateKey, UserPrivateKey, PublicKey)' ! */ ! 
public void testInitAccountPrivateKeyUserPrivateKeyPublicKey() throws GeneralSecurityException, IOException { ! //Create UserPrivateKey1 ! UserPrivateKeyTestCase.initProperties(); ! UserPrivateKey theUserPrivateKey1 = UserPrivateKey.getInstance(); ! char[] password1 = "password1".toCharArray(); ! PublicKey publicKey1 = theUserPrivateKey1.init(password1); ! PrivateKey userPrivateKey1 = theUserPrivateKey1.getPrivateKey(password1); ! theUserPrivateKey1.unlockPrivateKey(password1); ! //Create AccountPrivateKey1 ! AccountPrivateKey accountPrivateKey1 = AccountPrivateKey.getInstance(); ! accountPrivateKey1.init(publicKey1); ! //Create UserPrivateKey2 ! UserPrivateKey theUserPrivateKey2 = UserPrivateKey.getInstance(); ! char[] password2 = "password2".toCharArray(); ! PublicKey publicKey2 = theUserPrivateKey2.init(password2); ! PrivateKey userPrivateKey2 = theUserPrivateKey2.getPrivateKey(password2); ! //Transfer AccountPrivateKey1 to AccountPrivateKey2 ! AccountPrivateKey accountPrivateKey2 = AccountPrivateKey.getInstance(); ! accountPrivateKey2.init(accountPrivateKey1, theUserPrivateKey1, publicKey2); ! assertTrue(accountPrivateKey2.getPrivateKey(userPrivateKey2).equals(accountPrivateKey1.getPrivateKey(userPrivateKey1))); } |
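Review bot: The new testInitAccountPrivateKeyUserPrivateKeyPublicKey only asserts the positive path on its last line, so it would still pass if init(accountPrivateKey1, theUserPrivateKey1, publicKey2) stored the account key unwrapped or wrapped for the wrong party, since getPrivateKey(userPrivateKey2) would then also succeed. It should additionally assert that the transferred copy is bound to user 2 only, e.g. `try { accountPrivateKey2.getPrivateKey(userPrivateKey1); fail("transferred key readable by inviter"); } catch (GeneralSecurityException expected) {}`. The method's throws clause suggests getPrivateKey reports a mismatched key as GeneralSecurityException, but confirm that before relying on it. The fixed "password1"/"password2" strings are fine for a unit test, but keep them out of any fixture that is ever pointed at a real LDAP.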
From: Joseph I. <jos...@us...> - 2006-12-09 11:16:26
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv1244/src/org/tolven/core Modified Files: AccountDAOLocal.java Log Message: Added functionality to simulate an invitation and handle the transfer of a private account key from one user to the invited user. This code can only be activated by developers at this time, and is still undergoing test and review. Index: AccountDAOLocal.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/AccountDAOLocal.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** AccountDAOLocal.java 6 Nov 2006 07:41:24 -0000 1.8 --- AccountDAOLocal.java 9 Dec 2006 11:16:23 -0000 1.9 *************** *** 73,76 **** --- 73,81 ---- /** + * @see ActivationBean + */ + public AccountUser inviteAccountUser(Account account, TolvenUser user, Date now, boolean accountPermission ); + + /** * Given what is suspected to be a valid sponsorship reference code, return the Sponsorship * This method fails loudly (throws an object not found exception) if the reference code is not found. |
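Review bot: The new inviteAccountUser declaration is the contract every caller of AccountDAOLocal sees, yet its Javadoc is only `@see ActivationBean`, which says nothing about the security preconditions the implementation in AccountDAOBean (same commit) enforces. The comment should state that the caller must already be a member of the account, that the account private key is re-wrapped from the caller's copy to the invited user's public key and attached to the invitation, that this only happens when the tolven.security.keys.activate system property is set, and what `accountPermission` grants the invitee; include `@param` lines for all four parameters and `@throws RuntimeException` for the authorization failure. The log message says the code is still under review; that caveat belongs in the Javadoc too so callers do not depend on the key transfer yet.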
From: Joseph I. <jos...@us...> - 2006-12-09 11:16:26
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv1244/src/org/tolven/doc/entity Modified Files: Invitation.java Log Message: Added functionality to simulate an invitation and handle the transfer of a private account key from one user to the invited user. This code can only be activated by developers at this time, and is still undergoing test and review. Index: Invitation.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/doc/entity/Invitation.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** Invitation.java 3 Sep 2006 01:13:16 -0000 1.5 --- Invitation.java 9 Dec 2006 11:16:23 -0000 1.6 *************** *** 18,21 **** --- 18,22 ---- import javax.persistence.Column; + import javax.persistence.Embedded; import javax.persistence.Entity; import javax.persistence.FetchType; *************** *** 30,33 **** --- 31,35 ---- import org.tolven.core.entity.Account; import org.tolven.core.entity.TolvenUser; + import org.tolven.security.bean.AccountPrivateKey; /** *************** *** 92,95 **** --- 94,100 ---- @ManyToOne (fetch=FetchType.LAZY ) private DocBase details; + + @Embedded + private AccountPrivateKey accountPrivateKey; /** Creates a new instance of Invitation */ *************** *** 237,239 **** --- 242,252 ---- this.title = title; } + + public AccountPrivateKey getAccountPrivateKey() { + return accountPrivateKey; + } + + public void setAccountPrivateKey(AccountPrivateKey anAccountPrivateKey) { + accountPrivateKey = anAccountPrivateKey; + } } |
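Review bot: getAccountPrivateKey/setAccountPrivateKey and the new `@Embedded private AccountPrivateKey accountPrivateKey` field are undocumented, and nothing on the entity says which party's key wraps the embedded material; a reader of Invitation alone cannot tell whether a row holds plaintext key bytes. Since AccountDAOBean.inviteAccountUser in this commit builds it from the inviter's key and the invitee's public key, add a field comment such as `// Account private key re-wrapped to the invited user's public key; never stored unwrapped (see AccountPrivateKey.init)` and confirm that wording against AccountPrivateKey. Note also that `@Embedded` maps the key's columns onto the Invitation table in this revision even though the AccountDAOBean TODO says the invitation is not yet persisted, so the schema change lands now.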
From: Joseph I. <jos...@us...> - 2006-12-09 11:16:26
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv1244/src/org/tolven/core/bean Modified Files: AccountDAOBean.java Log Message: Added functionality to simulate an invitation and handle the transfer of a private account key from one user to the invited user. This code can only be activated by developers at this time, and is still undergoing test and review. Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** AccountDAOBean.java 8 Dec 2006 07:37:29 -0000 1.10 --- AccountDAOBean.java 9 Dec 2006 11:16:23 -0000 1.11 *************** *** 17,21 **** --- 17,23 ---- import java.util.ArrayList; import java.util.Date; + import java.util.Iterator; import java.util.List; + import java.util.Set; import javax.annotation.EJB; *************** *** 34,39 **** import org.tolven.core.entity.TolvenUser; import org.tolven.core.entity.AccountUser; import org.tolven.security.bean.AccountPrivateKey; - import org.tolven.security.bean.TolvenPublicKey; --- 36,41 ---- import org.tolven.core.entity.TolvenUser; import org.tolven.core.entity.AccountUser; + import org.tolven.doc.entity.Invitation; import org.tolven.security.bean.AccountPrivateKey; *************** *** 133,137 **** /** ! * Associate a user with an account * @param account The existing (although possibly very recent) Account object * @param user the existing (although possibly very recent) TolvenUser object --- 135,139 ---- /** ! 
* Associate a user with an account without sending using invitation * @param account The existing (although possibly very recent) Account object * @param user the existing (although possibly very recent) TolvenUser object *************** *** 140,143 **** --- 142,200 ---- */ public AccountUser addAccountUser(Account account, TolvenUser user, Date now, boolean accountPermission ) { + return addAccountUser(account, user, null, now, accountPermission); + } + + /** + * Associate a user with an account by invitation + * @param account The existing (although possibly very recent) Account object + * @param user the existing (although possibly very recent) TolvenUser object + * @param now Transactional "now" time + * @param accountPermission boolean indicating if this user has account administration permission + */ + public AccountUser inviteAccountUser(Account account, TolvenUser user, Date now, boolean accountPermission) { + if (System.getProperty("tolven.security.keys.activate") != null) { + // TODO: The correct location of the creation of an Invitation is + // still to be determined. 
It is created here, to simulate that but + // is not persisted + TolvenUser loggedInUser = findUser(ejbContext.getCallerPrincipal().getName()); + // Not sure if this is the most efficient what to find the AccountUser of the logged in user + Set<AccountUser> accountUsers = account.getAccountUsers(); + AccountUser loggedInAccountUser = null; + for (Iterator<AccountUser> iter = accountUsers.iterator(); iter.hasNext();) { + loggedInAccountUser = iter.next(); + if (loggedInAccountUser.getUser().getLdapUID().equals(loggedInUser.getLdapUID())) + break; + } + if (loggedInAccountUser == null) + throw new RuntimeException("No authorization to add users to this account"); + AccountPrivateKey loggedInAccountPrivateKey = loggedInAccountUser.getAccountPrivateKey(); + AccountPrivateKey invitedAccountPrivateKey = AccountPrivateKey.getInstance(); + try { + invitedAccountPrivateKey.init(loggedInAccountPrivateKey, loggedInUser.getUserPrivateKey(), user.getPublicKey()); + } catch (Exception ex) { + // TODO: Do nothing but note the fact during development of encryption keys + System.out.println(getClass() + ": Debug info: Problem adding Account Key to Invitation - " + ex.getMessage()); + } + Invitation invitation = new Invitation(); + invitation.setStatus(Status.INACTIVE.value()); + invitation.setAccountPrivateKey(invitedAccountPrivateKey); + return addAccountUser(account, user, invitation, now, accountPermission); + } else { + return addAccountUser(account, user, null, now, accountPermission); + } + } + + /** + * Associate a user with an account + * @param account The existing (although possibly very recent) Account object + * @param user the existing (although possibly very recent) TolvenUser object + * @param invitation the invitation to join the account + * @param now Transactional "now" time + * @param accountPermission boolean indicating if this user has account administration permission + */ + private AccountUser addAccountUser(Account account, TolvenUser user, Invitation 
invitation, Date now, boolean accountPermission ) { + // TODO: Note that the invitation supplied here by the method + // inviteAccountUser, is not fully implemented, until this todo is + // removed, and it may also be null. AccountUser au = new AccountUser(); au.setAccount( account ); *************** *** 155,159 **** // property tolven.security.keys.activate if (System.getProperty("tolven.security.keys.activate") != null) { ! setupAccountKeys(account, au); } em.persist( au ); --- 212,216 ---- // property tolven.security.keys.activate if (System.getProperty("tolven.security.keys.activate") != null) { ! setupAccountKeys(account, au, invitation); } em.persist( au ); *************** *** 161,173 **** } ! private void setupAccountKeys(Account account, AccountUser accountUser) { // TODO: At this point the AccountUser cannot have a PrivateKey if (accountUser.hasAccountPrivateKey()) return; try { ! if (!account.hasTolvenPublicKey()) { AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); TolvenUser loggedInUser = findUser(ejbContext.getCallerPrincipal().getName()); ! TolvenPublicKey accountPublicKey = accountPrivateKey.init(loggedInUser.getPublicKey()); account.setPublicKey(accountPublicKey); accountUser.setAccountPrivateKey(accountPrivateKey); --- 218,234 ---- } ! private void setupAccountKeys(Account account, AccountUser accountUser, Invitation invitation) { // TODO: At this point the AccountUser cannot have a PrivateKey if (accountUser.hasAccountPrivateKey()) return; try { ! if (account.hasPublicKey()) { ! // No invitation, no keys ! if (invitation != null) ! accountUser.setAccountPrivateKey(invitation.getAccountPrivateKey()); ! } else { AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); TolvenUser loggedInUser = findUser(ejbContext.getCallerPrincipal().getName()); ! 
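Review bot: The membership check in inviteAccountUser can never reject a non-member: `loggedInAccountUser` is reassigned to every element inside the loop, so when no UID matches it holds the last AccountUser in the set rather than null, and `throw new RuntimeException("No authorization to add users to this account")` only fires for an account with no users at all. The code then reads that other member's AccountPrivateKey and tries to unwrap it with the caller's UserPrivateKey, and because the catch only prints `ex.getMessage()` the uninitialised invitedAccountPrivateKey is still attached to the Invitation and passed to addAccountUser. The loop should assign only on a match, the init failure should propagate so the container rolls the transaction back, and since addAccountUser takes an `accountPermission` flag, membership alone is probably not the intended bar — if AccountUser exposes the flag set by setAccountPermission, require it here too.
```java
TolvenUser loggedInUser = findUser(ejbContext.getCallerPrincipal().getName());
AccountUser loggedInAccountUser = null;
for (AccountUser candidate : account.getAccountUsers()) {
    if (candidate.getUser().getLdapUID().equals(loggedInUser.getLdapUID())) {
        loggedInAccountUser = candidate;
        break;
    }
}
// Only an existing member of this account may invite into it.
// TODO: also require the caller's accountPermission flag once its accessor is confirmed.
if (loggedInAccountUser == null)
    throw new RuntimeException("No authorization to add users to this account");
AccountPrivateKey loggedInAccountPrivateKey = loggedInAccountUser.getAccountPrivateKey();
AccountPrivateKey invitedAccountPrivateKey = AccountPrivateKey.getInstance();
try {
    invitedAccountPrivateKey.init(loggedInAccountPrivateKey, loggedInUser.getUserPrivateKey(), user.getPublicKey());
} catch (Exception ex) {
    // A failed key transfer must not leave an invitation carrying an uninitialised key.
    throw new RuntimeException("Unable to transfer account key to invited user", ex);
}
// … unchanged: Invitation construction and addAccountUser call …
```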
PublicKey accountPublicKey = accountPrivateKey.init(loggedInUser.getPublicKey()); account.setPublicKey(accountPublicKey); accountUser.setAccountPrivateKey(accountPrivateKey); |
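Review bot: In the new invitation branch of setupAccountKeys, `accountUser.setAccountPrivateKey(invitation.getAccountPrivateKey())` copies whatever the invitation carries without checking it is present or usable, so an Invitation whose key transfer failed upstream yields a persisted AccountUser that can never decrypt the account's documents. At minimum guard it with `if (invitation != null && invitation.getAccountPrivateKey() != null)`, and if AccountPrivateKey exposes an "initialised" check, use that instead of the null test. The try block's catch clause lies outside this hunk, so whether such a condition would surface at all cannot be seen here.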
From: Joseph I. <jos...@us...> - 2006-12-08 07:37:31
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv14415/src/org/tolven/core/bean Modified Files: AccountDAOBean.java Log Message: Added more encryption key infrastructure. The columns will now appear in the DB, but will not be populated at this time. Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** AccountDAOBean.java 8 Dec 2006 07:21:52 -0000 1.9 --- AccountDAOBean.java 8 Dec 2006 07:37:29 -0000 1.10 *************** *** 171,174 **** --- 171,175 ---- TolvenPublicKey accountPublicKey = accountPrivateKey.init(loggedInUser.getPublicKey()); account.setPublicKey(accountPublicKey); + accountUser.setAccountPrivateKey(accountPrivateKey); } } catch (Exception ex) { |
From: Joseph I. <jos...@us...> - 2006-12-08 07:21:54
Update of /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv7901/src/org/tolven/core/bean Modified Files: AccountDAOBean.java InvitationBean.java ActivationBean.java Log Message: Added more encryption key infrastructure. The columns will now appear in the DB, but will not be populated at this time. Index: AccountDAOBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/AccountDAOBean.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** AccountDAOBean.java 6 Nov 2006 07:41:24 -0000 1.8 --- AccountDAOBean.java 8 Dec 2006 07:21:52 -0000 1.9 *************** *** 14,17 **** --- 14,18 ---- package org.tolven.core.bean; + import java.security.PublicKey; import java.util.ArrayList; import java.util.Date; *************** *** 19,22 **** --- 20,24 ---- import javax.annotation.EJB; + import javax.annotation.Resource; import javax.ejb.*; import javax.persistence.EntityManager; *************** *** 32,35 **** --- 34,39 ---- import org.tolven.core.entity.TolvenUser; import org.tolven.core.entity.AccountUser; + import org.tolven.security.bean.AccountPrivateKey; + import org.tolven.security.bean.TolvenPublicKey; *************** *** 45,48 **** --- 49,55 ---- private EntityManager em; + @Resource + EJBContext ejbContext; + public static String alphabet = "ab2c3d4e5f6g7h8j9kmnprstuvwxy"; *************** *** 142,148 **** --- 149,181 ---- au.setDefaultAccount( false ); au.setAccountPermission( accountPermission ); + // TODO: Note that keys are not ready for release and creating them + // before they are tested could lead to problems for later + // migration. 
But if you know what you are doing and the DB is + // experimental, then developers are free to play by setting System + // property tolven.security.keys.activate + if (System.getProperty("tolven.security.keys.activate") != null) { + setupAccountKeys(account, au); + } em.persist( au ); return au; } + + private void setupAccountKeys(Account account, AccountUser accountUser) { + // TODO: At this point the AccountUser cannot have a PrivateKey + if (accountUser.hasAccountPrivateKey()) + return; + try { + if (!account.hasTolvenPublicKey()) { + AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); + TolvenUser loggedInUser = findUser(ejbContext.getCallerPrincipal().getName()); + TolvenPublicKey accountPublicKey = accountPrivateKey.init(loggedInUser.getPublicKey()); + account.setPublicKey(accountPublicKey); + } + } catch (Exception ex) { + // TODO: Do nothing but note the fact during development of + // encryption keys + System.out.println(getClass() + ": Debug info: Problem while setting up Account Keys - " + ex.getMessage()); + } + } /** Index: InvitationBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/InvitationBean.java,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** InvitationBean.java 5 Dec 2006 09:36:10 -0000 1.16 --- InvitationBean.java 8 Dec 2006 07:21:52 -0000 1.17 *************** *** 55,59 **** import org.tolven.core.TolvenPropertiesLocal; import org.tolven.core.entity.Account; - import org.tolven.core.entity.AccountUser; import org.tolven.core.entity.HealthRecord; import org.tolven.core.entity.Status; --- 55,58 ---- *************** *** 62,68 **** import org.tolven.doc.entity.DocBase; import org.tolven.doc.entity.Invitation; - // TODO: Uncomment when encryption is released - //import java.security.PublicKey; - //import org.tolven.security.bean.AccountPrivateKey; @Stateless --- 61,64 ---- *************** *** 312,330 **** 
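Review bot: setupAccountKeys catches `Exception`, prints only `ex.getMessage()` to System.out and returns, so addAccountUser still reaches `em.persist( au )` when key generation failed; the AccountUser is committed with `account.setPublicKey` possibly half-applied and nothing reaches the caller. Because the whole block is already gated on tolven.security.keys.activate for developers, failing loudly is cheaper than a silent half-state: replace the catch body with `throw new RuntimeException("Problem while setting up Account Keys", ex);` so the EJB transaction rolls back. If it must stay best-effort, keep the cause (not just the message) and route it through a logger rather than stdout.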
System.out.println( "Created account: " + account.getId()); // Note, the user automatically gets account permission since they are the only user on that new account. ! TolvenUser tolvenUser = accountBean.findUser( invitation.getTargetEmail()); ! AccountUser accountUser = accountBean.addAccountUser( account, tolvenUser, now, true); ! // TODO: Uncomment when encryption is released ! /* ! try { ! AccountPrivateKey accountPrivateKey = AccountPrivateKey.getInstance(); ! PublicKey accountPublicKey = accountPrivateKey.init(tolvenUser.getPublicKey()); ! accountUser.setAccountPrivateKey(accountPrivateKey); ! account.setPublicKey(accountPublicKey); ! } catch (Exception ex) { ! // TODO: Do nothing but note the fact during development of ! // encryption keys ! System.out.println(getClass() + ": While creating AccountPrivateKey - " + ex.getMessage()); ! } ! */ } if (detail instanceof JoinAccountInvitation) --- 308,312 ---- System.out.println( "Created account: " + account.getId()); // Note, the user automatically gets account permission since they are the only user on that new account. ! accountBean.addAccountUser( account, accountBean.findUser( invitation.getTargetEmail()), now, true); } if (detail instanceof JoinAccountInvitation) *************** *** 333,338 **** Account account = accountBean.findAccount( ja.getAccountId() ); // Note, the user may or may not be given account permission depending on the wishes of the inviter. ! TolvenUser invitedTolvenUser = accountBean.findUser( invitation.getTargetEmail()); ! AccountUser newAccountUser = accountBean.addAccountUser( account, invitedTolvenUser, now, ja.isAccountPermission()); } } --- 315,319 ---- Account account = accountBean.findAccount( ja.getAccountId() ); // Note, the user may or may not be given account permission depending on the wishes of the inviter. ! 
accountBean.addAccountUser( account, accountBean.findUser( invitation.getTargetEmail()), now, ja.isAccountPermission()); } } Index: ActivationBean.java =================================================================== RCS file: /cvsroot/tolven/tolvenEJB/src/org/tolven/core/bean/ActivationBean.java,v retrieving revision 1.21 retrieving revision 1.22 diff -C2 -d -r1.21 -r1.22 *** ActivationBean.java 5 Dec 2006 09:36:10 -0000 1.21 --- ActivationBean.java 8 Dec 2006 07:21:52 -0000 1.22 *************** *** 15,18 **** --- 15,19 ---- import java.io.IOException; + import java.security.PublicKey; import java.util.ArrayList; import java.util.Calendar; *************** *** 55,61 **** import org.tolven.security.TolvenPerson; import org.tolven.security.bean.LDAPLocal; ! // TODO: Uncomment when encryption is released ! //import java.security.PublicKey; ! //import org.tolven.security.bean.UserPrivateKey; //import javax.jws.WebService; --- 56,60 ---- import org.tolven.security.TolvenPerson; import org.tolven.security.bean.LDAPLocal; ! import org.tolven.security.bean.UserPrivateKey; //import javax.jws.WebService; *************** *** 261,279 **** user.setOldLastLogin(user.getLastLogin()); user.setLastLogin( now ); // Now - current time. Update last login to now. ! // TODO: Uncomment when encryption is released ! /* ! try { ! if (!user.hasUserPrivateKey()) { ! UserPrivateKey privateKey = UserPrivateKey.getInstance(); ! PublicKey publicKey = privateKey.init(principal.toCharArray()); ! user.setUserPrivateKey(privateKey); ! user.setPublicKey(publicKey); } - user.getUserPrivateKey().unlockPrivateKey(principal.toCharArray()); - } catch (Exception ex) { - // TODO: Do nothing but note the fact during development of encryption keys - System.out.println(getClass() + ": While setting UserPrivateKey - " + ex.getMessage()); } - */ } return user; --- 260,283 ---- user.setOldLastLogin(user.getLastLogin()); user.setLastLogin( now ); // Now - current time. Update last login to now. ! 
// TODO: Note that keys are not ready for release and creating them ! // before they are tested could lead to problems for later ! // migration. But if you know what you are doing and the DB is ! // experimental, then developers are free to play by setting System ! // property tolven.security.keys.activate ! if (System.getProperty("tolven.security.keys.activate") != null) { ! try { ! if (!user.hasUserPrivateKey()) { ! UserPrivateKey privateKey = UserPrivateKey.getInstance(); ! PublicKey publicKey = privateKey.init(principal.toCharArray()); ! user.setUserPrivateKey(privateKey); ! user.setPublicKey(publicKey); ! } ! user.getUserPrivateKey().unlockPrivateKey(principal.toCharArray()); ! } catch (Exception ex) { ! // TODO: Do nothing but note the fact during development of ! // encryption keys ! System.out.println(getClass() + ": Debug info: Problem while setting UserPrivateKey - " + ex.getMessage()); } } } return user; |
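Review bot: `privateKey.init(principal.toCharArray())` and `unlockPrivateKey(principal.toCharArray())` use `principal` as the secret that protects the user's private key. If `principal` here is the caller's login name, as the `ejbContext.getCallerPrincipal().getName()` lookups in AccountDAOBean suggest, then the wrapping secret is a public identifier and anyone able to read the TolvenUser row can unwrap the key; even behind the tolven.security.keys.activate gate this deserves a `// TODO(security): principal is not a secret; derive the key-protecting password from the user's credential or a server-held key` before the code is copied into a production path. The enclosing method starts outside this hunk, so `principal` may be something else; please confirm. As in AccountDAOBean, the catch prints only the message and continues, so a failed key setup is invisible to the caller.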